Building and managing cloud infrastructure manually can be quite the task, and it’s even more challenging when you’re operating as a distributed team. With everyone pushing multiple (and often concurrent) changes and updates, it can be tricky to properly provision, configure, or deploy resources and applications when needed, or to track and fix errors on the fly. Manual management can quickly create unnecessary dependencies that bog down your system and sap time and resources that you could spend on strengthening and scaling your infrastructure. It’s in situations like this that Infrastructure as Code (IaC) comes in handy.

IaC allows you to automate the tasks you carry out while provisioning, configuring, and deploying your IT infrastructure, making your infrastructure genuinely elastic. IaC lets you use configuration files written in high-level descriptive coding languages to automate infrastructure management. IaC also enables you to manage your configuration files like software code – with code repositories, automated testing, and version control. 

The rapid adoption of IaC and the benefits it brings have flooded cloud marketplaces with IaC tools, each remarkable in its own way. Sadly, since there’s no single IaC tool that does everything end-to-end or suits everyone’s requirements, you’ll often find yourself tasked with building and evaluating a list of services and picking the one that’s right for you. AWS CloudFormation and Terraform are two IaC services that often top such lists.

What is AWS CloudFormation?

AWS CloudFormation is an Amazon web service that lets you create, provision, and manage a collection of related Amazon services and third-party resources. The built-in AWS CloudFormation Designer makes it easy to add, configure, and connect different resources, thereby simplifying the management, monitoring, and testing of infrastructure. You can also build third-party extensions using the command-line interface.

What is Terraform?

Terraform is an open-source, cloud-agnostic infrastructure management tool developed by HashiCorp that enables modular configuration of infrastructure, thereby allowing you to use AWS modules and third-party modules in the same infrastructure.

Terraform boasts the ability to run clusters made up of high and low-level component modules simultaneously. You can create Terraform setups by writing configuration files that Terraform uses to generate an execution plan to reach your infrastructure’s desired state.

The comparison

When trying to determine the better of the two, you might be overwhelmed with the features they both offer. One of them could be better than the other depending on how they suit your infrastructure’s needs. To help you decide between the two, we compare AWS CloudFormation and Terraform based on their state management, modularity, integrated logging, and safeguarding and rollback capabilities.

State management

Terraform stores the infrastructure state on disk by default. It can also store the state remotely. When storing the state remotely, Terraform employs flexible versioning that helps develop the infrastructure in parallel. States are created by writing a JSON configuration file that outlines how to provision your infrastructure resources.

AWS CloudFormation, on the other hand, provisions resources automatically. CloudFormation collects AWS resources and dependencies and bundles them together into “stacks.” These stacks allow you to delete or modify dependencies in bulk. For instance, a stack can encompass the resources for a specific web application. When you delete the application, CloudFormation also deletes the stack. When you manage a stack state, you can modify the provisioned resources without a complete rebuild.

Modularity 

CloudFormation uses sets of “nested stacks” or templates as modules. These nested stacks act as building blocks for your infrastructure and allow you to import and export standard configuration settings. For example, you might have multiple configurations of resources used for different applications or infrastructure. In these cases, you can create a dedicated template for such resources that you can then import into every stack that needs the resource. 

Terraform shines when considering its modularity. HashiCorp built Terraform to be cloud-agnostic and be able to incorporate any resource. Terraform includes native support for many third-party modules. It accomplishes this via “providers,” or plugins that implement resource types. You can add any resource, AWS or third-party, by adding a provider to your configuration.

Terraform also uses modules to organize configurations. Modules allow complex configurations to remain readable by grouping related parts. You can also use modules to reuse and share common configurations. Reusing modules leads to fewer errors and less time spent rewriting your configurations. Terraform practitioners often publish modules online. The vast community that Terraform has built allows you to tap into community knowledge and experience and dramatically reduces the time you’d spend writing and debugging configuration files.

Integrated logging

Integrated logging is one of the best features of IaC. Logging allows developers to manage and monitor their infrastructure, identify issues with deployed applications, and rectify them quickly. Apica is one of the most robust logging solutions for various IaC providers. Apica is a well-rounded observability platform that monitors and analyzes your logs. Apica eliminates all complexity from log analysis and makes monitoring infrastructure feel automatic.

It’s easy to integrate Apica into both CloudFormation and Terraform. Apica is already available on AWS Marketplace and supports single-click integration with CloudFormation as shown in this video:

Integrating Apica with Terraform isn’t quite single-click yet. You can still create a custom AWS plugin that configures Apica and integrates it within your infrastructure. Terraform’s modularity makes this possible! You can also use the AWS autoscaling module for Terraform that easily plugs AWS resources into your configuration, thereby enabling easy Apica integration!

Rollbacks and Safeguards  

Both Terraform and CloudFormation offer deletion protection. This safeguard ensures that you cannot delete resources in use as dependencies in other applications, thereby dramatically reducing your chances of accidentally breaking your infrastructure!

CloudFormation also backs up data stores before deleting or modifying them. Sometimes a manual update can cause your CloudFormation infrastructure to fail. In these cases, CloudFormation will automatically roll back your infrastructure to its previous working state.

Terraform does not support automatic rollbacks out-of-the-box. You can deploy fixes yourself or manually revert to a previous configuration that worked. You can also avoid the need for a rollback by using the terraform plan command, which outputs a list of all upcoming changes before actually executing them. You can also use terraform plan to complete dry runs of an update, double-check the output to ensure all changes are as expected, and then commit your changes.
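The manual double-check of terraform plan output described above can be backed by an automated gate. The following is an added example, not code from the original article or from HashiCorp: it reads the JSON form of a saved plan (produced with terraform plan -out=plan.out followed by terraform show -json plan.out) and blocks any plan that would destroy or replace a resource not explicitly allow-listed. The function names, the allow-list parameter, and the sample resource addresses are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json plan.out`;
# the resource addresses are made up for illustration.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.orders", "type": "aws_db_instance",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"]}},
    {"address": "aws_security_group.app", "type": "aws_security_group",
     "change": {"actions": ["create"]}},
    {"address": "aws_iam_role.ci", "type": "aws_iam_role",
     "change": {"actions": ["no-op"]}},
]})


def review_plan(plan_json, allow_destroy=()):
    """Summarise a JSON plan; return (counts, addresses blocked for review)."""
    counts = {"create": 0, "update": 0, "delete": 0, "replace": 0}
    blocked = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions and "create" in actions:
            kind = "replace"   # destroy-and-recreate, in either order
        elif actions and actions[0] in counts:
            kind = actions[0]
        else:
            continue           # "no-op" and "read" change nothing
        counts[kind] += 1
        if kind in ("delete", "replace") and rc["address"] not in allow_destroy:
            blocked.append(rc["address"])
    return counts, blocked


def gate(plan_json, allow_destroy=()):
    """Return 0 if the plan may be applied, 1 if a human must review it."""
    counts, blocked = review_plan(plan_json, allow_destroy)
    for address in blocked:
        print(f"BLOCKED: {address} would be destroyed")
    print("plan summary:", counts)
    return 1 if blocked else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PLAN))
```

Run in a pipeline between plan and apply, a non-zero exit stops the deployment until someone approves the destructive changes by adding their addresses to the allow-list.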

Decision time: CloudFormation or Terraform?

Before deciding between CloudFormation and Terraform, consider your team’s and your infrastructure’s needs. Both CloudFormation and Terraform are flexible and compelling tools and offer comprehensive state management and automated logging. But they also provide different features that suit your infrastructure needs differently. If you’re mainly working with AWS resources, CloudFormation might work best for you. If your infrastructure relies on many third-party resources, Terraform might be a better fit. Regardless of the service you pick, be sure to incorporate Apica for real-time monitoring and to ensure your applications and infrastructure are always on.